A10 Networks is warning that the rise of Distributed Denial of Service (DDoS) attacks is threatening businesses with sudden death. The warning comes as A10 releases the results of a survey carried out by IDG Connect entitled “DDoS: A Clear and Ever Present Danger”. The survey focused on 120 companies and asked about the attacks they were seeing, the impact of those attacks and their budgets to mitigate future attacks.
According to Raj Jalan, CTO of A10 Networks: “DDoS attacks are called ‘sudden death’ for good reason. If left unaddressed, the costs will include lost business, time-to-service restoration and a decline in customer satisfaction. The good news is our findings show that security teams are making DDoS prevention a top priority. With a better threat prevention system, they can turn an urgent business threat into an FYI-level notification.”
Attacks increase in frequency and complexity
The report shows that the number of attacks companies faced over the last year varies widely. Those at the lower end of the scale faced between 1 and 5 attacks, while a third were hit with over 25 attacks. The length of attacks also varied: the average was 17 hours, but some companies reported attacks that lasted for over 36 hours. The length of these attacks will cause serious concern for all businesses due to the impact on their own staff and customers.
The size of attacks is also growing. The smallest attacks were 20-30 Gbps in size, which is enough to overwhelm many small to mid-sized enterprises (SMEs). At the upper end, over 59% saw attacks over 40 Gbps, which will cause significant outages for many large enterprises.
There is another hidden risk of large DDoS attacks. While the obvious impact is to deny a business access to the Internet, a DDoS attack can also be used to distract security teams. This happens when groups of attackers work together to launch a series of attacks, using DDoS as cover for other attempts to penetrate businesses.
Getting the budget right to mitigate attacks
One of the big surprises in this survey is that 29% claim the cost of detection and mitigation solutions is the biggest internal barrier to protecting themselves against DDoS attacks. The report gives no explicit reasons why. For example, is it the cost of on-premises appliances or the cost of external security teams to deal with attacks?
In many ways it doesn’t matter what the cause is. What matters is that dealing with a business-threatening security attack is deemed too expensive. This means that inside a number of organisations there is still no real understanding of how bad the problem could be for the business if it is unable to work.
It is not all bad news. Over 54% of companies plan to increase the funds available to deal with DDoS over the next year, with many expecting a 22% increase in available funds. The survey again failed to give any real details on this. For example, is it about training staff or bringing in new solutions?
Use hybrid cloud solutions to mitigate attacks
The use of cloud is a double-edged sword when it comes to DDoS attacks. If users are unable to connect to the Internet then they cannot get to applications from the office. Those with mobile technology can move to other locations where they can attempt to continue working, but this also plays into the hands of attackers. For example, if a DDoS attack causes staff to move to local coffee shops, it opens up the possibility of other attacks on those mobile devices at a time when people are more concerned about getting online than security.
For customers, cloud does mean that they are still able to access websites and send email to a company. However, if the company has a hybrid strategy where data is held on-premises for security and privacy reasons, then some apps may still not work. This means that companies may need to consider what data they can store in the cloud to enable their business to work.
Cloud can also be used to help mitigate the volume of any attack. Cloud vendors are building their own security around DDoS and would be able to provide access to additional bandwidth to help companies get back online.
Four steps to defending against DDoS
A10 Networks and IDG Connect offer a four-step approach to dealing with DDoS:
- Be proactive, not reactive. Don’t wait for a major crash. You may already be experiencing attacks with slowed or blocked customer access which can lose sales and/or create customer dissatisfaction.
- Hope for the best, but prepare for the worst. Invest in sufficient DDoS protection early, before the organization has experienced a major attack.
- Beware of the “world of denial.” Ask the tough questions. What do your customer satisfaction metrics reveal? Do you see indicators of lost sales? What’s the real cost of service restoration?
- Consider dedicated multi-vector DDoS protection using in-path mitigation coupled with integrated threat intelligence for best accuracy. Include hybrid protection with a cloud bursting service as an extra precaution to combat volumetric attacks.
The likelihood of a DDoS attack knocking companies offline continues to increase. Depending on the type of business, the impact of being offline for a few hours, let alone the 36 hours reported by some companies in this survey, can be devastating. It can lead to a loss of business and a loss of customers. Worse, while all the security and network teams are firefighting the attack, cybercriminals and hackers are launching other attacks that often go unnoticed.
On the upside, while some companies are still baulking at the cost of solutions to mitigate DDoS, others are prepared to increase their budgets.